[Oisf-users] A question about using suricata as an IPS
Victor Julien
victor at inliniac.net
Fri Apr 1 15:01:51 UTC 2011
On 04/01/2011 05:00 PM, carlopmart wrote:
> On 04/01/2011 04:53 PM, Victor Julien wrote:
>> There is no need at all to pass an interface to Suricata in this case.
>> Suricata gets the packets from NFQueue 0 as told by "-q 0".
>>
>> Cheers,
>> Victor
>>
>
> Ok, but If I have several bridges in the same host, how can i configure
> suricata or iptables then??
>
> Thanks.
You need to setup your iptables NFQUEUE rules in such a way that all
traffic you want to pass to Suricata is covered. Suricata just inspects
what ends up on queue 0.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list